Electronic data is typically secured using ‘open’ encryption. The current ‘open’ encryption standard is Public Key Infrastructure (PKI), which is built around two critical components:
1. Key-Pairs
A key-pair set is a pair of keys (an encryption key and a decryption key) that are mathematically bound to each other. Key-pair sets are most easily understood as the electronic equivalent of a physical lock and key. The “Encryption Key” is like the lock: it is what makes the encrypted information secure from viewing by unauthorized parties. The “Decryption Key” is like a physical key: it allows you to open the lock and retrieve what is inside the package.
2. Public Storage of One Key
The “Encryption Key” (the digital ‘lock’) is stored in a public place, where anyone can pick it up and use it. This makes it easily available to all, akin to taking a physical lock off a shelf to secure an outside door. But in the digital realm, this openness exposes, and potentially renders vulnerable, part of the security that is critical for secure communication between parties.
In an overly simplified example of this in action, a user places information (email, e-commerce transaction, medical data transfer, wearables device data, etc.) into a box and secures it by retrieving the lock (“Encryption Key”) from a publicly available repository. Then he sends the locked box to the end user who uses his key (“Decryption Key”) to unlock the box and retrieve the information.
In reality, this process is far more complicated, but can be explained with the following algebraic equation:

Consider (AB) as the first user's key-pair: “A” is the lock and “B” is the key.
Consider (YZ) as the second user's key-pair: “Y” is the lock and “Z” is the key.
Both users have published their locks (A & Y) to a public repository so others can communicate with them securely.

The following are all true:

$$A \neq B \neq Y \neq Z$$

$$\frac{AB}{YZ} \neq 1$$

$$\frac{BY}{AZ} = 1$$

Then mathematically the following is also true:

$$\frac{BY}{AZ}(\text{Data}) = (\text{Data})$$

The above equation shows the computation of the package (Data), illustrating its transition from one user to another.

The steps would occur this way:
1. Combine the first user's private key (B) and the second user's publicly available “lock” (Y) with the information to be sent (Data). This creates a locked package that is sent to the end user:

$$BY(\text{Data})$$

2. The end user takes the received package and applies its own private key (Z) and the first user's public key (A) retrieved from the repository:

$$\frac{BY(\text{Data})}{AZ}$$

3. After applying the missing pieces (AZ) to the received package (BY(Data)), the original data is revealed.
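The three steps above, traced in code as an added example that is not part of the original text: it is one way to realise the BY(Data) and AZ algebra, using textbook RSA where B and Z are private exponents and A and Y are public ones. The primes, function names and sample message are constructed for illustration.

```python
# Added illustration: textbook RSA, tiny constructed primes, no padding.
# Insecure by design; it only traces the BY(Data) -> AZ flow described above.
from math import gcd

def make_keypair(p, q, e=17):
    """Return (lock, key, modulus) = (public exp, private exp, p*q)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    return e, pow(e, -1, phi), n

# First user (A lock, B key); second user (Y lock, Z key). N_AB < N_YZ so the
# value produced with B always fits under the second user's modulus.
A, B, N_AB = make_keypair(1009, 1013)
Y, Z, N_YZ = make_keypair(1031, 1033)

def lock(data, sender_key, sender_n, recipient_lock, recipient_n):
    """Step 1: apply the sender's private key, then the recipient's lock."""
    if not 0 <= data < sender_n < recipient_n:
        raise ValueError("need 0 <= data < sender modulus < recipient modulus")
    return pow(pow(data, sender_key, sender_n), recipient_lock, recipient_n)

def unlock(package, recipient_key, recipient_n, sender_lock, sender_n):
    """Steps 2-3: apply the recipient's private key, then the sender's lock."""
    return pow(pow(package, recipient_key, recipient_n), sender_lock, sender_n)

if __name__ == "__main__":
    data = 424242  # constructed sample message
    package = lock(data, B, N_AB, Y, N_YZ)
    print("package:", package)
    print("recovered:", unlock(package, Z, N_YZ, A, N_AB))
    # A third party's key (constructed) does not open the package.
    _, other_key, other_n = make_keypair(1039, 1049)
    print("wrong key:", unlock(package, other_key, other_n, A, N_AB))
```

Unpadded RSA with moduli this small can be factored instantly; deployed systems use padded schemes such as RSA-OAEP and RSA-PSS with keys of 2048 bits or more.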
The “Public Key” allows anyone to lock data in a way that only the recipient will be able to unlock. This feature is both a strength and a weakness. It allows the locking piece to be used by anyone who wants to communicate securely. However, because it is publicly available, reverse engineering of the algorithm is time consuming but not impossible. If one wants to derive another's private key, he can reverse engineer it given enough time and processor power. Given both, one may eventually extract (Z) from (BY(Data))/A, since the public key (“A”) and data package (BY(Data)) are online for an infinite period of time. The solution to the above problems is to never share or publicly post a key-pair, or to have the key-pair changed for each and every transaction that is encrypted.
QR (Quick Response) Codes were invented by Toyota Automotive Company's parts division, the Denso Corporation, to solve the problem of the limited information that can be transmitted on conventional (aka ‘zebra striped’) generic bar codes. Barcodes are machine-readable optical labels that provide information about the item to which they are attached. The QR code expanded beyond the automotive industry and soon grew into other purposes, including rewards programs and digital coupons.
Current uses for QR codes include supply chain, inventory management, and shipping information. In Asia they are frequently used for payment information without the need for Western credit card platforms. Services including Alipay and WeChat Pay utilize QR codes to facilitate transactions at fast food restaurants, convenience stores, and popular retailers.
Unlike Western payment systems, QR Code readers are relatively inexpensive, putting them within easy reach of vegetable sellers and food cart vendors in rural areas and developing countries. Rather than using credit-card-based platforms, these readers can read QR codes from consumer smartphones efficiently and inexpensively.
Already widespread in China, QR codes are increasingly common in Japan, Korea, and spreading quickly to other parts of Asia. While acceptance in the U.S. and Europe has been slow, the technology is quickly morphing as more and more transactions are taking place (1) digitally, and (2) via mobile devices, particularly smartphones.
In markets such as Singapore and Hong Kong, consumers still typically use credit cards for transactions at restaurants or shops. While contactless chip-based technology upgrades have made credit card use faster, they still take longer than QR code transactions. The time savings add up quickly when there are many consumers trying to use a transactional system at the same time, as is commonly seen at train stations, bus depots, concert halls, and athletic stadiums, among other places.
QR codes have grown so popular in China that transactions surpassed $5.8 trillion in the first quarter of 2018; they are so ubiquitous that beggars often use QR codes because few people carry cash anymore.
As an internal tracking mechanism, QR codes are an ideal solution. However, problems exist with the use of QR codes on a grand scale. In particular, when QR codes are used outside the bounds of the “internal controls” of a strictly internal system, data within the QR code may be easily compromised. For example, QR codes are being used across the internet for many sensitive transactions (including financial and privacy-related ones), which leaves the data within these QR codes susceptible to misuse or abuse and to compromise or interception by third parties. Therefore, what is needed is a method to secure and safeguard these communications (e.g., data within QR codes) at the transactional level.